diff options
| -rw-r--r-- | src/lib/libssl/ssl_clnt.c | 25 |
1 files changed, 11 insertions, 14 deletions
diff --git a/src/lib/libssl/ssl_clnt.c b/src/lib/libssl/ssl_clnt.c index a7a7bf93a5..4085fed39b 100644 --- a/src/lib/libssl/ssl_clnt.c +++ b/src/lib/libssl/ssl_clnt.c | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: ssl_clnt.c,v 1.105 2021/06/29 19:43:15 jsing Exp $ */ | 1 | /* $OpenBSD: ssl_clnt.c,v 1.106 2021/06/29 19:56:11 jsing Exp $ */ |
| 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) | 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) |
| 3 | * All rights reserved. | 3 | * All rights reserved. |
| 4 | * | 4 | * |
| @@ -2317,9 +2317,9 @@ ssl3_send_client_key_exchange(SSL *s) | |||
| 2317 | } | 2317 | } |
| 2318 | 2318 | ||
| 2319 | static int | 2319 | static int |
| 2320 | ssl3_send_client_verify_sigalgs(SSL *s, EVP_PKEY *pkey, CBB *cert_verify) | 2320 | ssl3_send_client_verify_sigalgs(SSL *s, EVP_PKEY *pkey, |
| 2321 | const struct ssl_sigalg *sigalg, CBB *cert_verify) | ||
| 2321 | { | 2322 | { |
| 2322 | const struct ssl_sigalg *sigalg; | ||
| 2323 | CBB cbb_signature; | 2323 | CBB cbb_signature; |
| 2324 | EVP_PKEY_CTX *pctx = NULL; | 2324 | EVP_PKEY_CTX *pctx = NULL; |
| 2325 | EVP_MD_CTX mctx; | 2325 | EVP_MD_CTX mctx; |
| @@ -2331,16 +2331,6 @@ ssl3_send_client_verify_sigalgs(SSL *s, EVP_PKEY *pkey, CBB *cert_verify) | |||
| 2331 | 2331 | ||
| 2332 | EVP_MD_CTX_init(&mctx); | 2332 | EVP_MD_CTX_init(&mctx); |
| 2333 | 2333 | ||
| 2334 | if ((sigalg = ssl_sigalg_select(s, pkey)) == NULL) { | ||
| 2335 | SSLerror(s, SSL_R_SIGNATURE_ALGORITHMS_ERROR); | ||
| 2336 | goto err; | ||
| 2337 | } | ||
| 2338 | if ((md = sigalg->md()) == NULL) { | ||
| 2339 | SSLerror(s, SSL_R_UNKNOWN_DIGEST); | ||
| 2340 | goto err; | ||
| 2341 | } | ||
| 2342 | S3I(s)->hs.our_sigalg = sigalg; | ||
| 2343 | |||
| 2344 | if (!tls1_transcript_data(s, &hdata, &hdata_len)) { | 2334 | if (!tls1_transcript_data(s, &hdata, &hdata_len)) { |
| 2345 | SSLerror(s, ERR_R_INTERNAL_ERROR); | 2335 | SSLerror(s, ERR_R_INTERNAL_ERROR); |
| 2346 | goto err; | 2336 | goto err; |
| @@ -2532,6 +2522,7 @@ ssl3_send_client_verify_gost(SSL *s, EVP_PKEY *pkey, CBB *cert_verify) | |||
| 2532 | int | 2522 | int |
| 2533 | ssl3_send_client_verify(SSL *s) | 2523 | ssl3_send_client_verify(SSL *s) |
| 2534 | { | 2524 | { |
| 2525 | const struct ssl_sigalg *sigalg; | ||
| 2535 | CBB cbb, cert_verify; | 2526 | CBB cbb, cert_verify; |
| 2536 | EVP_PKEY *pkey; | 2527 | EVP_PKEY *pkey; |
| 2537 | 2528 | ||
| @@ -2543,13 +2534,19 @@ ssl3_send_client_verify(SSL *s) | |||
| 2543 | goto err; | 2534 | goto err; |
| 2544 | 2535 | ||
| 2545 | pkey = s->cert->key->privatekey; | 2536 | pkey = s->cert->key->privatekey; |
| 2537 | if ((sigalg = ssl_sigalg_select(s, pkey)) == NULL) { | ||
| 2538 | SSLerror(s, SSL_R_SIGNATURE_ALGORITHMS_ERROR); | ||
| 2539 | goto err; | ||
| 2540 | } | ||
| 2541 | S3I(s)->hs.our_sigalg = sigalg; | ||
| 2546 | 2542 | ||
| 2547 | /* | 2543 | /* |
| 2548 | * For TLS v1.2 send signature algorithm and signature using | 2544 | * For TLS v1.2 send signature algorithm and signature using |
| 2549 | * agreed digest and cached handshake records. | 2545 | * agreed digest and cached handshake records. |
| 2550 | */ | 2546 | */ |
| 2551 | if (SSL_USE_SIGALGS(s)) { | 2547 | if (SSL_USE_SIGALGS(s)) { |
| 2552 | if (!ssl3_send_client_verify_sigalgs(s, pkey, &cert_verify)) | 2548 | if (!ssl3_send_client_verify_sigalgs(s, pkey, sigalg, |
| 2549 | &cert_verify)) | ||
| 2553 | goto err; | 2550 | goto err; |
| 2554 | } else if (pkey->type == EVP_PKEY_RSA) { | 2551 | } else if (pkey->type == EVP_PKEY_RSA) { |
| 2555 | if (!ssl3_send_client_verify_rsa(s, pkey, &cert_verify)) | 2552 | if (!ssl3_send_client_verify_rsa(s, pkey, &cert_verify)) |